Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
hazendaz committed Jul 19, 2024
1 parent b218f68 commit 1385b24
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 11 deletions.
6 changes: 6 additions & 0 deletions psi-probe-core/src/main/java/psiprobe/ProbeConfig.java
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping;
import org.springframework.web.servlet.i18n.CookieLocaleResolver;
Expand Down Expand Up @@ -360,6 +361,11 @@ public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(getLocaleChangeInterceptor());
}

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/webjars/**").addResourceLocations("/webjars/");
}

/**
* Gets the locale change interceptor.
*
Expand Down
47 changes: 36 additions & 11 deletions psi-probe-core/src/main/java/psiprobe/ProbeSecurityConfig.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
import java.util.List;
import java.util.TreeMap;

import javax.servlet.http.HttpServletRequest;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionVoter;
Expand All @@ -30,12 +32,17 @@
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
Expand All @@ -47,6 +54,7 @@
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
Expand All @@ -59,6 +67,22 @@
@EnableWebSecurity
public class ProbeSecurityConfig {

/**
* Gets the security filter chain.
*
* @param http the http
* @return the security filter chain
* @throws Exception the exception
*/
@Bean(name = "securityFilterChain")
public SecurityFilterChain getSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests().requestMatchers("/webjars/**").permitAll().requestMatchers("/**")
.permitAll().and().addFilter(getSecurityContextPersistenceFilter())
.addFilter(getJ2eePreAuthenticatedProcessingFilter()).addFilter(getLogoutFilter())
.addFilter(getExceptionTranslationFilter()).addFilter(getAuthorizationFilter());
return http.build();
}

/**
* Gets the filter chain proxy.
*
Expand Down Expand Up @@ -94,6 +118,7 @@ public SecurityContextPersistenceFilter getSecurityContextPersistenceFilter() {
return new SecurityContextPersistenceFilter();
}


/**
* Gets the pre authenticated authentication provider.
*
Expand Down Expand Up @@ -213,12 +238,12 @@ public ExceptionTranslationFilter getExceptionTranslationFilter() {
*
* @return the affirmative based
*/
@Bean(name = "affirmativeBased")
public AffirmativeBased getAffirmativeBased() {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
decisionVoters.add(getRoleVoter());
@Bean(name = "authorizationManager")
public AuthorizationManager<HttpServletRequest> getAuthorizationManager() {
List<AuthorizationManager<HttpServletRequest>> decisionVoters = new ArrayList<>();
decisionVoters.add(getAuthorityAuthorizationManager());

AffirmativeBased based = new AffirmativeBased(decisionVoters);
AuthorizationDecision based = new AuthorizationDecision(decisionVoters);
based.setAllowIfAllAbstainDecisions(false);
return based;
}
Expand All @@ -228,9 +253,9 @@ public AffirmativeBased getAffirmativeBased() {
*
* @return the filter security interceptor
*/
@Bean(name = "filterSecurityInterceptor")
public FilterSecurityInterceptor getFilterSecurityInterceptor() {
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
@Bean(name = "authorizationFilter")
public AuthorizationFilter getAuthorizationFilter() {
AuthorizationFilter interceptor = new AuthorizationFilter(getAuthorizationManager());
interceptor.setAuthenticationManager(getProviderManager());
interceptor.setAccessDecisionManager(getAffirmativeBased());

Expand Down Expand Up @@ -258,9 +283,9 @@ public FilterSecurityInterceptor getFilterSecurityInterceptor() {
*
* @return the role voter
*/
@Bean(name = "roleVoter")
public RoleVoter getRoleVoter() {
return new RoleVoter();
@Bean(name = "authorityAuthorizationManager")
public AuthorityAuthorizationManager<HttpServletRequest> getAuthorityAuthorizationManager() {
return new AuthorityAuthorizationManager();
}

/**
Expand Down

0 comments on commit 1385b24

Please sign in to comment.